Freeware 'greylisting' for Exchange Server

Between blacklisting and whitelisting is a sort of interim spam-fighting strategy called 'greylisting.' In this tip, SearchExchange.com contributor Serdar Yegulalp explains how greylisting works and points to a freeware greylisting application available for Exchange Server environments.

By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Between blacklisting and whitelisting is a sort of interim strategy called greylisting (also known as graylisting). Greylisting involves exploiting a behavior to which RFC-compliant mail servers are supposed to adhere -- and to which spammers rarely do.

When a mail server connects to your mail server to send a given piece of email for the first time, a greylist notes the IP address and the email is rejected with a "Try Again Later" warning. If the server at the other end is running in compliance with the RFC standards for email, it'll try again later as it's just been instructed to.

The next time that server tries to deliver the email, your server will mark that server as "good" and allow future deliveries. On the other hand, many spammers will simply abandon any future delivery attempts after seeing the "Try Again Later" warning, since they typically just want to blast out as many emails as they can without retrying.

Also, during the retry period -- typically an hour or so -- there's a chance that the spammer's IP will be blocked by more conventional antispam techniques. In a way, greylisting is a little like a selective tarpitting scheme.

Programmer Chris J. has written a freeware greylist for Exchange Server, now called JEP(S). This application offers Exchange Server administrators a no-cost option for implementing and testing the effectiveness of greylisting as a spam-fighting mechanism.

The program installs as a .DLL that hooks into Exchange Server's SMTP service, and allows administrative control over the list of IP addresses tracked by the .DLL (so specific addresses can be manually added or removed).

Much of the effectiveness of greylisting is admittedly anecdotal. It's not something that can be recommended as a blanket solution, and it probably won't be a permanent one either. But the anecdotes are interesting: Chris's own experiences with greylisting cut down his spam load from about 4,000 messages a day to almost zero with no other changes.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.

JEP(S) is the new version of Greylist for Exchange. The name was changed because "Greylist for Exchange" was confusing to a lot of people. Also, it's now a commercial product instead of just an interesting project.

As before, the software is available in a free version and a licensed version. The free version is totally free without any time limit or spyware and such. New functionality includes: tarpitting, RBL, RWL, auto whitelisting, separate real-time monitor utility, and it supports IIS SMTP as well as Exchange 2000 and 2003.

Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a nifty thank-you gift.

E-Handbook

E-Handbook

0 comments

E-Mail

Username / Password

Password

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy